
Azure SSO Integration

While implementing SSO (single sign-on), we recommend opening two browser tabs: log into your nOps account in one and your Azure account in the other. You will need to copy information from one application to the other to sync the configuration and allow SSO access with Azure.

This topic is for clients who log in using an Administrator role. It assumes that you have nOps configured on your Microsoft Entra ID (formerly known as Azure AD).

To Set Up SSO on nOps

  1. Log in to nOps and navigate to Organizational Settings from the profile link.
    Or, as a Partner Admin role, click the SSO link.

  2. From the Settings panel click the SSO option.

If you do not have SSO configured, you will see a dialog to enable it.

  1. Click Enable SSO to go to the SSO Settings page.

  2. Enable the Enable SSO Login toggle.

  3. From the Select SSO Type drop-down, select Azure.

Now you need to add an SSO configuration on the Azure portal.

To Set Up SSO on Azure

  1. Log in to the Microsoft Azure portal and click the Microsoft Entra ID widget to go to the Overview page.

  2. Click + Add and select Enterprise Application.

  3. At the Browse Microsoft Entra Gallery, search for SAML toolkit and click the icon when it’s displayed.

  4. At the Microsoft Entra SAML Toolkit dialog enter a Name for this application and click Create. This may take a few minutes to save.
    Suggestion for name: nops-SSO

    After the name is entered you will be taken to the Overview page to continue to set up this application.

Assign users and groups and set up the single sign on (SSO)

  1. Begin assigning users by clicking the link in the 1. Assign users and groups widget.

  1. At the Users and groups page click + Add user/group from the toolbar.

  2. Click None Selected link and at the Users dialog enter search criteria to find and add users.

    The system may identify users that you can select.

  3. Select the users to be added and click Select.

  4. At the Add Assignment page, click the Assign button to add the users you selected. You will see a success dialog and return to the Users and groups page.

  5. Once you have completed adding all users click the Overview tab in the left pane.

Set up the single sign on (SSO) widget

  1. At the Get Started section click the link in the 2. Set up single sign on widget.

  1. At the Single sign-on page, select the SAML widget to open the SAML-based Sign-on page.

    You will configure URLs and attributes by copying the information from nOps and pasting it into the Basic SAML Configuration page in Azure.

  2. In Basic SAML Configuration click Edit.

  1. Replace or add the Identifier (Entity ID) field with the Entity ID URL from the nOps SSO page.

  2. Replace or add the Reply URL (Assertion Consumer Service URL) with the Assertion Consumer Service URL from nOps.

  3. Replace or add the Sign on URL in Azure with the Shareable Link for IDP Login URL from nOps.

  4. Once you are done click the Save icon on the top left corner of the dialog.

Return to the Sign-on page to add attributes.

  1. Click Edit on the Attributes and Claims widget to add attributes.

  2. On Attributes & Claims dialog click + Add new claim to open the Manage claim dialog
    You will add 3 new claims. You must enter mandatory information for Name, Source and Source Attribute as seen in the following table. Save each claim before you add the next one.

    Name            Source     Source Attribute
    User.FirstName  Attribute  user.displayname
    User.LastName   Attribute  user.displayname
    User.Email      Attribute  user.mail

  3. Click Save to complete the configuration for the Azure portal.

Entering information from the Azure portal to nOps

To complete the set up, copy the following items from the Azure portal to the nOps SSO page.

  1. From the SAML-based sign-on page navigate to section 3 the SAML Signing Certificate widget and click the Certificate (Base64) download link.

  2. When it is downloaded, open the file with a text editor such as Notepad (DO NOT USE WORD) and copy the contents of the certificate to the nOps X.509 Certificate field.

  3. From section 4 in the Azure SAML Sign-on page copy the Login URL into the SAML 2.0 Endpoint (HTTP) (singleSignOnService: URL) in nOps.
    Use this information to enter into the Issuer URL (entityId) field in nOps.

  4. Copy the Microsoft Entra Identifier URL into the nOps Issuer URL (entityId).

  5. In the nOps SSO dialog navigate to User Roles/Groups. For Default role select client-admin to apply this role as a default for all users logging in from the Azure portal.

  6. Click Setup SSO Configuration or Update SSO Configuration to complete the setup.

    You have now completed the SSO set up on both nOps and on the Microsoft Azure portal.

Test your Set-up

You can now test your setup.

  1. From the Azure portal SAML-based Sign-on page click the Test button in section 5.

  2. At the Test single sign-on dialog select Sign in as current user and click Test sign in.

  3. Navigate to the nOps webpage to see that you are being signed in through the Azure single sign on.

To create and add a Group configuration

  1. Click the Single sign-on tab in the left pane.

  2. Click on Edit in the Attributes & Claims section 2.

  3. Click + Add a group claim to add a group.

You will need to enter some advanced options for this claim.

  1. At the Group Claims dialog select Source Attribute: Group ID

  2. Then click the Advanced options link.

  3. Click the Filter groups checkbox and enter information for the 3 fields:
    Attribute to match: Display name
    Match with: Contains
    String: nops
    The string should match the name of the group you entered.

  4. Check the Customize the name of the group claim checkbox

  5. Enter the Name for the attribute as: User.Groups

  6. Save the Group Claim

  7. Return to the Single sign-on tab. You should see user.groups added to the User Groups setting in Attributes and Claims section

Add the group to the Azure portal.

  1. Click on the Home in the breadcrumb links at the top of the page.

  2. From the Home page find and click Groups.

  3. At the Groups | All groups page click New group.

  4. For Group name, enter a name containing the String you entered earlier (nops). For example nops-group

  5. Click Create to return to the Groups | All groups page, then refresh the page to see the group you added. You can also search for it.

  6. Copy the Object ID for the group and enter it in the nOps SSO page under User Roles/Groups > Client Admin Groups field.

  7. Ensure that the Set nOps role based on SAML Group toggle is enabled.

  8. Then click Update SSO Configurations.

To test this group integration, where a member of a group is automatically logged in as an Admin user:

  1. Return to the Home page in Azure Portal.

  2. From My Apps, select the nOps app you added and click on it.

You are directed to the nOps Web app login page and are automatically logged in since SSO was set up from the Azure portal.
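
When a test sign-in fails or a user lands with the wrong role, the usual cause is a mismatch between the assertion Azure sends and the values entered above. The following is an added example, not nOps or Microsoft code: it compares a decoded assertion that you captured yourself against the Entity ID, Assertion Consumer Service URL, the three claims and the group Object ID. The function name, URLs and IDs are placeholders, and the check does not verify the SAML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("User.FirstName", "User.LastName", "User.Email")

# Constructed sample assertion; every URL, name and ID below is a placeholder.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://nops.example/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://nops.example/entity</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="User.FirstName"><saml:AttributeValue>Ada Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.LastName"><saml:AttributeValue>Ada Lovelace</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.Email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="User.Groups"><saml:AttributeValue>00000000-0000-0000-0000-000000000001</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, entity_id, acs_url, admin_group_id):
    """Return a list of mismatches between an assertion and the SSO settings."""
    root = ET.fromstring(xml_text)
    problems = []
    # Map each claim name to its list of (stripped) values.
    attrs = {
        a.get("Name"): [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
        for a in root.iterfind(".//saml:Attribute", NS)
    }
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append(f"missing or empty claim: {name}")
    # Audience must equal the Identifier (Entity ID) set in Basic SAML Configuration.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not match Entity ID")
    # Recipient must equal the Reply URL (Assertion Consumer Service URL).
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match ACS URL")
    # The group claim carries Object IDs because Source Attribute is Group ID.
    if admin_group_id not in attrs.get("User.Groups", []):
        problems.append("User.Groups does not contain the Client Admin group Object ID")
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE, "https://nops.example/entity", "https://nops.example/acs",
                          "00000000-0000-0000-0000-000000000001") or "assertion matches")
```

An empty list means the assertion lines up with the configuration; a missing User.Groups claim usually means the user is not in a group whose display name matches the filter string.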

Tags: onboarding sso